package cloud.xuxiaowei.oauth2.config;

import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.csrf.LazyCsrfTokenRepository;

/**
 * CSRF Token 配置
 *
 * @author xuxiaowei
 * @since 0.0.1
 * @see CsrfConfigurer
 */
@Configuration
public class CsrfTokenRepositoryConfig {

	/**
	 * 启动项目时，当 {@link CsrfTokenRepository} 的 {@link Bean} 不存在时，才会创建此 {@link Bean}
	 * <p>
	 * 此处使用的是默认的懒加载 {@link LazyCsrfTokenRepository} 的
	 * {@link HttpSessionCsrfTokenRepository} {@link Bean}
	 */
	@Bean
	@ConditionalOnMissingBean
	public CsrfTokenRepository csrfTokenRepository() {
		return new LazyCsrfTokenRepository(new HttpSessionCsrfTokenRepository());
	}

}
